Santander Bank
Comments
-
This is how scams like this work
First of all you get a text saying £1,300 has been spent was it you or not. This is not from Santander but number spoofing is used to make it look as though the text came from santander's number...
You reply no - this is irrelevant the fraudster has no access to your reply. However they ring you up a few minutes later and say 'thanks for saying no we need to check your account and I will take you through security'
meanwhile they are on the Santander internet banking screen. they need your Santander user ID of course they enter that onto the Santander banking screen. the Santander banking screen askes for digits 2 and 6 of your security code .the fraudster says to you in order to identify you please give me digits 2 and 6 of your security code...
You give it to them and they enter this onto the Santander banking screen. This gives them access to your account
They of course cannot send money to a new payee without a one-time password sent to your mobile number
Often the scammers will make up some convincing explanation as to why you should give it to them
I'm not saying all of this happened to you I'm just telling you the way frauds like this work
The only similarity is that I got a text and call.
There's three stages to go through before you are in the account with the online banking.
a) Personal ID
b) Password
c) Security code
None of which have been shared - me giving them two of the five digit security code won't get you past the first two stages.0 -
Everybody in your office will use the same IP when accessing external sites. It will be impossible to tell from the IP address whether it was you or one of your colleagues. Just as it will be impossible to tell from your home IP address who in your home was making the transactions.
Agreed, but the as the times matched my browser history I'm confident it was me.0 -
Agreed you need those three pieces of information
the first piece - your username - can be obtained from the Santander website. you need the following information your name your date of birth and your postcode
once entered it takes you to a second screen where it asks you for your debit card long number and CVV code
it then displays your username
clearly you gave the first lot of information over the phone they may have had your debit card and CVV another way either by having physical access to your card at some time or by you using it online o
obviously only you would know if you used it and on what sites
That is two of the three i.e. username and security number digits which they have with the information you gave them
the password I don't know0 -
Agreed you need those three pieces of information
the first piece - your username - can be obtained from the Santander website. you need the following information your name your date of birth and your postcode
Ok, so lets assume they have somehow gleaned my DOB and post code.
once entered it takes you to a second screen where it asks you for your debit card long number and CVV code
I buy everything online and in the shops with a credit card which is paid monthly in full. The only time I've used my debit card for a purchase this year was to order car tax. However, lets assume somehow they've managed to get an image of the front of the card and watched me enter my PIN at a cash point - they still can't see the CVV.
it then displays your username
Not without the CVV
clearly you gave the first lot of information over the phone they may have had your debit card and CVV another way either by having physical access to your card at some time or by you using it online o
Card in my wallet all the time and not used online and no OTP received
obviously only you would know if you used it and on what sites
That is two of the three i.e. username and security number digits which they have with the information you gave them
the password I don't know
It's my belief if they had that level of detail that is being suggested they'd have taken the £20k that was in the account at the time - why mess about with £1,300's worth of chavvy stuff being posted to a traceable address?0 -
they dont need to glean your dob and postcode you told them on the phone0
-
My point is that I am trying to help you by giving you some pointers as to how frauds like this are perpetrated
it may well be it was not done this way in your case but I hoped the information in my posts might be helpful to you when trying to pizxle out what happened
Use the info as you wish0 -
My point is that I am trying to help you by giving you some pointers as to how frauds like this are perpetrated
it may well be it was not done this way in your case but I hoped the information in my posts might be helpful to you when trying to pizxle out what happened
Use the info as you wish
Apologies for the tone of my post - it stems from frustration.
For clarity:
a) the only time I've used my debit card online this year was to pay for road tax.
b) I use it about once a month to take cash out - top and bottom of the card are never visible at the same time.
c) I run Malwarebytes and there's none reported on my home laptop.
d) I work for a FTSE100 who have sophisticated anti spyware software - only two people could remotely access my work laptop.
e) For sure the text I received was from Santander as it started off the whole issue.
f) I've not had any calls from Santander, other than the one that sparked the issue off.
g) I've not used my debit card for a purchase other than for road tax this/last year and holidays in 2018.
h) I've never written my details down and the wife doesn't know them, so could not inadvertently give them out.
I couldn't of provided the level of detail known by the thief and it's my account... Having online access to the account would not have given the thief the CVV code.
Anyway, thanks all for your input.0 -
d) I work for a FTSE100 who have sophisticated anti spyware software - only two people could remotely access my work laptop.
Just read the thread but I didn't see the bit where you said the IPs logged were your home and work. If I missed it and work is included then my comment is about the above.
I use and have used remote access software since it first existed from telnet and vnc up to bomgar and connectwise.
"Only two people" sounds dodgy. If there is a remote access host on your PC then perhaps you believe only 2 people have the credentials, but in reality your company's entire IT community and perhaps wider could have the details.
Can you let me know the name of the remote access program?0
This discussion has been closed.
Categories
- All Categories
- 342.4K Banking & Borrowing
- 249.9K Reduce Debt & Boost Income
- 449.4K Spending & Discounts
- 234.6K Work, Benefits & Business
- 607K Mortgages, Homes & Bills
- 172.8K Life & Family
- 247.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 15.8K Discuss & Feedback
- 15.1K Coronavirus Support Boards